Can't delete windows\hosts


  • This topic is locked
44 replies to this topic

#16 mstanley

mstanley

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 03 February 2006 - 10:46 AM

Here are the two logs,
Thanks for helping.



(2/3/06 10:17:46 AM) SPSeHjFix started v1.09
(2/3/06 10:17:46 AM) OS: WinME (4.90.73010104)
(2/3/06 10:17:46 AM) Language: english
(2/3/06 10:18:06 AM) Disinfect started
(2/3/06 10:18:06 AM) Bad-Dll(IEP): (not found)
(2/3/06 10:18:06 AM) Bad-Dll(IEP) in BHO: (not found)
(2/3/06 10:18:06 AM) UBF: 7
(2/3/06 10:18:06 AM) UBB: 0
(2/3/06 10:18:07 AM) UBR: 25
(2/3/06 10:18:07 AM) Bad IE-pages:
(2/3/06 10:18:07 AM) Stealth-String not found:
(2/3/06 10:18:07 AM) Not infected->END


Logfile of HijackThis v1.99.1
Scan saved at 10:34:23 AM, on 2/3/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [$EnterNet] C:\PROGRA~1\EFFICI~1\ENTERN~1\APP\ENTERNET.EXE -AutoStart
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\OFFICE\1033\PHDINTL.DLL/phdContext.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: pcncdf - (no CLSID) - (no file)
O20 - AppInit_DLLs: Interceptor.dll


#17 toscane

toscane

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 414 posts

Posted 03 February 2006 - 05:45 PM

Just as I thought, no immediate threat.

C:\Recycled\NProtect\00032776.DLL

is a protected place and also no threat.

How is the computer running?
Please look at a way to avoid trash on your PC!


The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. Posted Image
Make a difference…tell your story Posted Image

#18 mstanley

Posted 03 February 2006 - 07:31 PM

I still get hijacks sending me to some bogus virus software home page ad saying a Mozilla virus something or other has been detected on my system. I have to close those pages to get back to my home page. It doesn't happen every time, maybe once a day. Other than that the system now seems to be operating OK. Is there a way to delete those files by booting to DOS or renaming the files and deleting them? It bothers me that Ad-Aware keeps identifying them as CWS and in the past so has Spybot, which ironically isn't identifying them right now.

#19 toscane

Posted 04 February 2006 - 04:49 AM

Which versions of Spybot and AdAware are you using?

Can you run an extra scan:

Make a folder called c:\bases

Please download mwav.exe (MicroWorld - Free AntiVirus standalone scanner) to that new folder.
Double-click mwav.exe, which will run mwavscan.com > select all local drives > scan all files > press 'scan', and when it is completed, anything found will be displayed in the lower pane. Highlight it, press CTRL+C and paste it in your next reply (except for the "refers to invalid object" notifications, you do not have to copy them). This tool will only report and not fix anything, but is thorough.
Since the log is so large, we only need to see the lines with "action taken" in them, so copy/paste those into the reply.

#20 mstanley

Posted 05 February 2006 - 10:00 AM

Interesting! Here is the log.

File C:\WINDOWS\SYSTEM\NDTBIOS.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\CCCHEVU.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\titno.exe tagged as "not-a-virus:AdWare.Win32.MDH.e". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wgse.exe infected by "Trojan.Win32.Runner.h" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\NDTBIOS.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\ikvu9_32.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\CCCHEVU.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0000080.CPY tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\TWP3216S.0 tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\DNDRG56X.0 tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\HSOSRL02.0 tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\RLCLTC6.0 tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\LPNKINFO.0 tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002361.CPY tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002391.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002394.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002395.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002397.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002398.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002402.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002405.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002406.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002408.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002409.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002413.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002416.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002417.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002419.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0002420.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MDCI.0 tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0003469.CPY infected by "Trojan-Dropper.Win32.VB.kk" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0003471.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0003473.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0003475.CPY tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0003477.CPY infected by "Trojan-Clicker.Win32.Small.jf" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0003479.CPY infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0003481.CPY tagged as "not-a-virus:AdWare.Win32.E2Give.d". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0003483.CPY infected by "Trojan-Downloader.Win32.Qoologic.at" Virus! Action Taken: No Action Taken.
File C:\RECYCLED\NPROTECT\00406223.LOG infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\titno.exe tagged as "not-a-virus:AdWare.Win32.MDH.e". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wgse.exe infected by "Trojan.Win32.Runner.h" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\NDTBIOS.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\ikvu9_32.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\CCCHEVU.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.
File C:\inst_0004.exe infected by "Trojan-Downloader.Win32.Small.cam" Virus! Action Taken: No Action Taken.
File C:\cygwid.exe infected by "Trojan-Downloader.Win32.Small.bmx" Virus! Action Taken: No Action Taken.

#21 toscane

Posted 06 February 2006 - 03:32 PM

Well, a lot was found that does not show at first sight.

First we are going to remove the L2M part.

Please download L2m9xfix from one of these two locations:
GeeksToGo
Noidea.us

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.

#22 mstanley

Posted 06 February 2006 - 09:27 PM

Here are the two logs.

But running l2m9xfix screwed up my quick launch bar. Now I have two sets of everything. How do I straighten out Quick Launch?

Log of L2M9XFix v1.01a

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

C:\WINDOWS\system\DPIME.DLL
C:\WINDOWS\system\MDIMRT16.DLL
C:\WINDOWS\system\MITCP.DLL
C:\WINDOWS\system\NDTBIOS.DLL
C:\WINDOWS\system\OXE2PROX.DLL

************

Registry entries found:



************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!

Logfile of HijackThis v1.99.1
Scan saved at 9:17:53 PM, on 2/6/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [$EnterNet] C:\PROGRA~1\EFFICI~1\ENTERN~1\APP\ENTERNET.EXE -AutoStart
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\OFFICE\1033\PHDINTL.DLL/phdContext.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: pcncdf - (no CLSID) - (no file)
O20 - AppInit_DLLs: Interceptor.dll

#23 toscane

Posted 08 February 2006 - 07:17 AM

Did you reboot the computer? If yes, and the problem still remains, I will be in contact with the developer for this matter.

#24 mstanley

Posted 08 February 2006 - 08:10 AM

Yes, I've rebooted a number of times.

#25 toscane

Posted 08 February 2006 - 01:01 PM

Right-click the taskbar, point to Toolbars, and then click Quick Launch to disable it. Reboot and re-enable it and only one should return.

#26 mstanley

Posted 08 February 2006 - 02:48 PM

OK, we got that straightened out.

#27 toscane

Posted 09 February 2006 - 04:59 AM

Go to Start > Settings > Control Panel > Add/Remove Programs
Remove the following:
(Do not be concerned if they do not exist)
180solutions
kazaa

NOTE: Remove your music to another folder if still present, be sure to scan the files!

Also search for those folders in Program Files and delete them as well.

Here is a list with safe and unsafe sharing programs: P2P programs


You can use Windows Explorer to find and delete these files
(Do not be concerned if they do not exist)

C:\WINDOWS\SYSTEM\wgse.exe
C:\inst_0004.exe
C:\cygwid.exe


Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Right-click My Computer and then click Properties.
2. On the Performance tab, click File System
3. On the Troubleshooting tab, click to select Disable System Restore
4. Click OK twice
5. Restart your computer.

6. Right-click My Computer and again click Properties
7. On the Performance tab, click File System
8. Clear the check mark in Disable System Restore check box.
9. System Restore is now active again.


Run AdAware and please tell me if anything is found.

Edited by toscane, 09 February 2006 - 05:00 AM.

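The scan log in post #20 mixes three kinds of location, which the replies handle differently: live files to delete by hand, copies under C:\_RESTORE that go away only with a System Restore reset, and the Norton protected recycle bin. The following is an added example, not part of the thread or of any tool named in it; it parses entries in the three shapes posted, collapses repeats and buckets files by location. The function names, location labels and the `family()` heuristic are assumptions of this sketch, and the sample is a short excerpt of lines from that post.

```python
import re
from collections import Counter

# The three entry shapes in the posted log. Entries may be run together on
# one line, so match with finditer() instead of splitting on newlines.
ENTRY_RE = re.compile(
    r'File (?P<path>[A-Za-z]:\\.+?) (?:tagged as|infected by) '
    r'"(?P<name>[^"]+)"(?: Virus!|\.) Action Taken: (?P<action>[^.]+)\.'
    r'|Object "(?P<obj>[^"]+)" found in File System! '
    r'Action Taken: (?P<obj_action>[^.]+)\.'
)

def location(path):
    """Bucket a path by where the thread says it lives (labels are assumed)."""
    rest = path.upper()[2:]  # drop the drive letter and colon
    if rest.startswith("\\_RESTORE\\"):
        return "system-restore"        # cleared by the disable/re-enable steps
    if rest.startswith("\\RECYCLED\\NPROTECT\\"):
        return "norton-protected-bin"  # emptied from Norton, not Explorer
    return "live"

def family(name):
    """Assumed heuristic: third dotted field of Behaviour.Platform.Family.variant."""
    bare = name.split(":", 1)[-1]      # strip a 'not-a-virus:' style prefix
    parts = bare.split(".")
    return parts[2] if len(parts) >= 3 else bare

def triage(log_text):
    """Return (files keyed by upper-cased path, Counter of named objects)."""
    files, objects = {}, Counter()
    for m in ENTRY_RE.finditer(log_text):
        if m.group("obj"):
            objects[m.group("obj")] += 1
            continue
        path, name = m.group("path"), m.group("name")
        rec = files.get(path.upper())
        if rec is None:
            rec = files[path.upper()] = {
                "path": path,
                "where": location(path),
                "family": family(name),
                "kind": "adware" if name.startswith("not-a-virus:") else "malware",
                "action": m.group("action"),
                "hits": 0,             # how often the scanner repeated this file
            }
        rec["hits"] += 1
    return files, objects

def by_location(files):
    out = {"live": [], "system-restore": [], "norton-protected-bin": []}
    for rec in files.values():
        out[rec["where"]].append(rec["path"])
    return {where: sorted(paths) for where, paths in out.items()}

# Excerpt of entries from post #20, joined on one line as they were posted.
SAMPLE = " ".join([
    r'File C:\WINDOWS\SYSTEM\NDTBIOS.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.',
    r'Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.',
    r'Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.',
    r'File C:\WINDOWS\SYSTEM\wgse.exe infected by "Trojan.Win32.Runner.h" Virus! Action Taken: No Action Taken.',
    r'File C:\WINDOWS\SYSTEM\NDTBIOS.DLL tagged as "not-a-virus:AdWare.Win32.Look2Me.ap". Action Taken: No Action Taken.',
    r'File C:\_RESTORE\TEMP\A0003469.CPY infected by "Trojan-Dropper.Win32.VB.kk" Virus! Action Taken: No Action Taken.',
    r'File C:\RECYCLED\NPROTECT\00406223.LOG infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.',
    r'File C:\inst_0004.exe infected by "Trojan-Downloader.Win32.Small.cam" Virus! Action Taken: No Action Taken.',
])

if __name__ == "__main__":
    files, objects = triage(SAMPLE)
    for where, paths in by_location(files).items():
        print(where)
        for p in paths:
            rec = files[p.upper()]
            print(f"  {p}  [{rec['kind']}: {rec['family']}, seen {rec['hits']}x]")
    print("objects:", dict(objects))
```
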

#28 mstanley

Posted 09 February 2006 - 09:47 AM

Can't run Ad-Aware now. Or I should say it runs but repeatedly hangs at the same file and stops responding. The file is:
C:\Program Files\Windows Update\buckets.cab
Prior to hanging it identifies 4 New Critical Objects but I can't get to a place to see what they are.

#29 mstanley

Posted 10 February 2006 - 10:40 AM

Got Ad-Aware to run. First emptied Norton Protected Recycled bin. Problem file "Program Files\Windows Update\Buckets.cab" disappeared. Appears something is writing itself to this protected file. Ad-Aware only found a non-critical cookie. However, Ad-Aware hung during the process and I got the ERROR "Lucallbackproxy Error in file <unknown> will shut down if problem..." Clicked OK and Ad-Aware finished. By the name alone this looks like malicious adware. I noticed modem activity while this was going on. Still can't fix O18 - Protocol: pcncdf - (no CLSID) - (no file) and keep it from coming back. Is there a utility to delete Suggestor.o?

#30 mstanley

Posted 10 February 2006 - 10:48 AM

Is Lucallbackproxy.exe a legitimate Symantec Live Update file?
